#!/bin/sh
#
# ssh-host-config, Copyright 2000, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

# Installation layout: PREFIX is where the new package is installed and
# SYSCONFDIR is where its configuration files are stored.
PREFIX="/usr"
SYSCONFDIR="/etc"

# Layout of an older installation that may be migrated or erased.
OLDPREFIX="/usr/local"
OLDSYSCONFDIR="${OLDPREFIX}/etc"

# Command-line state: the script name for the usage text, the forced answer
# for request() ("yes", "no", or empty to ask interactively) and the port
# sshd is configured to listen on.
progname="$0"
auto_answer=
port_number=22

# Privilege-separation bookkeeping; these defaults are revised later in the
# script once the existing configuration and accounts have been inspected.
privsep_configured="no"
privsep_used="yes"
sshd_in_passwd="no"
sshd_in_sam="no"
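# request QUESTION
#
# Ask a yes/no question and report the answer through the exit status.
#   $1          - question text; " (yes/no) " is appended to the prompt
#   auto_answer - global; "yes" or "no" answers without prompting
# Returns 0 for "yes" and 1 for "no".  The prompt is repeated until one of
# those two words is entered.  End of input counts as "no": the questions
# guard destructive steps (overwriting configuration files, erasing an old
# installation), so a closed stdin must neither loop forever nor be taken
# as consent.
request()
{
  case "${auto_answer}" in
    yes) return 0 ;;
    no)  return 1 ;;
  esac

  answer=""
  while [ "X${answer}" != "Xyes" ] && [ "X${answer}" != "Xno" ]
  do
    # printf rather than "echo -n", which is not portable across sh
    printf '%s (yes/no) ' "$1"
    # -r keeps backslashes literal; a failing read means end of input
    if ! read -r answer
    then
      # Finish the prompt line, then let the final test decide: an
      # unterminated last line reading "yes" still counts, all else is "no"
      echo
      break
    fi
  done

  [ "X${answer}" = "Xyes" ]
}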
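# Check options

# valid_port VALUE
#
# Succeeds only for a plain decimal TCP port in the range 1-65535 without
# leading zeros.  The accepted value is later written unquoted into the
# generated ssh_config and sshd_config, so anything else (empty string,
# signs, whitespace, embedded newlines) is refused here instead of ending
# up in those files.
valid_port()
{
  case "$1" in
    '' | 0* | *[!0-9]* | ??????* ) return 1 ;;
  esac
  [ "$1" -le 65535 ]
}

# Consume the arguments one at a time; anything unknown prints the usage
# text and exits with status 1.
while [ $# -gt 0 ]
do
  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    ;;

  -y | --yes )
    auto_answer=yes
    ;;

  -n | --no )
    auto_answer=no
    ;;

  -p | --port )
    # A trailing "-p" has no value to take, and a non-numeric value must
    # not reach the configuration templates.
    if [ $# -eq 0 ] || ! valid_port "$1"
    then
      echo "${progname}: option ${option} requires a port number between 1 and 65535" >&2
      exit 1
    fi
    port_number=$1
    shift
    ;;

  *)
    cat << EOF
usage: ${progname} [OPTION]...

This script creates an OpenSSH host configuration.

Options:
 --debug -d Enable shell's debug output.
 --yes -y Answer all questions with "yes" automatically.
 --no -n Answer all questions with "no" automatically.
 --port -p <n> sshd listens on port n.

EOF
    exit 1
    ;;

  esac
done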
# Check if running on NT.
# expr prints how many characters of "CYGWIN_NT" match at the start of the
# uname output, so _nt is greater than 0 on NT and 0 otherwise.
_sys=$(uname -a)
_nt=$(expr "$_sys" : "CYGWIN_NT")
# Check for running ssh/sshd processes first.  This only warns: the
# "exit 1" that would refuse to continue is commented out below.
# NOTE(review): the test matches any process line containing "ssh", so
# unrelated commands with that substring trigger the warning as well.
if ps -ef | grep -v grep | grep -q ssh; then
  printf '\n%s\n\n' "There are still ssh processes running. Please shut them down first."
  #exit 1
fi
# Check for ${SYSCONFDIR} directory: something that exists under that name
# but is not a directory cannot hold the global configuration files.
if [ -e "${SYSCONFDIR}" ] && [ ! -d "${SYSCONFDIR}" ]; then
  printf '\n%s\n%s\n\n' \
    "${SYSCONFDIR} is existant but not a directory." \
    "Cannot create global configuration files."
  exit 1
fi

# Create it if necessary.  Success is judged by the path existing
# afterwards rather than by mkdir's exit status.
if [ ! -e "${SYSCONFDIR}" ]; then
  mkdir "${SYSCONFDIR}"
  if [ ! -e "${SYSCONFDIR}" ]; then
    printf '\n%s\n\n' "Creating ${SYSCONFDIR} directory failed"
    exit 1
  fi
fi
# Create /var/log and /var/log/lastlog if not already existing.
# A regular file at /var/log, or a directory at /var/log/lastlog, is only
# reported; the script carries on in both cases.
if [ -f /var/log ]; then
  echo "Creating /var/log failed\!"
else
  [ -d /var/log ] || mkdir -p /var/log
  if [ -d /var/log/lastlog ]; then
    echo "Creating /var/log/lastlog failed\!"
  elif [ ! -f /var/log/lastlog ]; then
    # Create an empty lastlog file
    cat /dev/null > /var/log/lastlog
  fi
fi
# Create /var/empty, the directory used as chroot jail for privilege
# separation.
# NOTE(review): mkdir -p leaves the mode to the umask and accepts an
# existing directory as it is; confirm that the directory is owned by the
# expected account and is not group- or world-writable before relying on
# it as a jail.
if [ -f /var/empty ]; then
  echo "Creating /var/empty failed\!"
else
  mkdir -p /var/empty
  # On NT change ownership of that dir to user "system"
  if [ "$_nt" -gt 0 ]; then
    chown system.system /var/empty
  fi
fi
# Check for an old installation in ${OLDPREFIX}.  Skipped when ${OLDPREFIX}
# and ${PREFIX} name the same place.  old_install records whether an old
# sshd binary was found.
old_install=0
if [ "${OLDPREFIX}" != "${PREFIX}" ] && [ -f "${OLDPREFIX}/sbin/sshd" ]; then
  printf '\n%s\n\n' "You seem to have an older installation in ${OLDPREFIX}."

  # Offer to carry over host keys and configuration files, but only when
  # the old ssh_host_key file exists.
  if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] &&
     request "Do you want to copy your config files to your new installation?"
  then
    for _f in ssh_host_key ssh_host_key.pub \
              ssh_host_dsa_key ssh_host_dsa_key.pub \
              ssh_config sshd_config
    do
      cp -f "${OLDSYSCONFDIR}/${_f}" "${SYSCONFDIR}"
    done
  fi

  # Offer to delete the old binaries, keys, configs and manual pages.
  if request "Do you want to erase your old installation?"; then
    for _f in ssh.exe ssh-config scp.exe ssh-add.exe ssh-agent.exe \
              ssh-keygen.exe slogin
    do
      rm -f "${OLDPREFIX}/bin/${_f}"
    done
    for _f in ssh_host_key ssh_host_key.pub \
              ssh_host_dsa_key ssh_host_dsa_key.pub \
              ssh_config sshd_config
    do
      rm -f "${OLDSYSCONFDIR}/${_f}"
    done
    for _f in man/man1/ssh.1 man/man1/scp.1 man/man1/ssh-add.1 \
              man/man1/ssh-agent.1 man/man1/ssh-keygen.1 man/man1/slogin.1 \
              man/man8/sshd.8 sbin/sshd.exe sbin/sftp-server.exe
    do
      rm -f "${OLDPREFIX}/${_f}"
    done
  fi
  old_install=1
fi
# First generate host keys if not already existing.  Each key is created
# with an empty passphrase (-N '') and existing key files are left alone.
# NOTE(review): rsa1 (protocol 1) and dsa host keys are obsolete; current
# OpenSSH releases no longer accept "-t rsa1".  The list reflects the
# OpenSSH 3.x era this script was written for.
for _keyspec in rsa1:ssh_host_key rsa:ssh_host_rsa_key dsa:ssh_host_dsa_key
do
  _keytype=${_keyspec%%:*}
  _keyfile=${SYSCONFDIR}/${_keyspec#*:}
  if [ ! -f "${_keyfile}" ]; then
    echo "Generating ${_keyfile}"
    ssh-keygen -t "${_keytype}" -f "${_keyfile}" -N '' > /dev/null
  fi
done
# Check if ssh_config exists. If yes, ask for overwriting.  Agreeing only
# deletes the file here; a file that survives the delete is reported as
# write protected.
if [ -f "${SYSCONFDIR}/ssh_config" ] &&
   request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
then
  rm -f "${SYSCONFDIR}/ssh_config"
  if [ -f "${SYSCONFDIR}/ssh_config" ]; then
    echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
  fi
fi
# Create default ssh_config from here script.  The template is written
# literally (quoted delimiter, nothing in it is expanded) and every option
# in it is commented out, so it documents defaults rather than setting them.
# NOTE(review): the commented values (Protocol 2,1, Cipher 3des, the CBC
# and arcfour ciphers) date from the OpenSSH release this script shipped
# with and are not a recommendation for current clients.
if [ ! -f "${SYSCONFDIR}/ssh_config" ]; then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat > ${SYSCONFDIR}/ssh_config << 'EOF'
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_rsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
EOF
  # A non-default port is recorded for connections to localhost only.
  if [ "$port_number" != "22" ]; then
    {
      echo "Host localhost"
      echo " Port $port_number"
    } >> ${SYSCONFDIR}/ssh_config
  fi
fi
# Check if sshd_config exists. If yes, ask for overwriting.  When the file
# is kept, note whether it already mentions UsePrivilegeSeparation.
# NOTE(review): the grep is unanchored, so a commented-out
# "#UsePrivilegeSeparation" line also counts as configured.
if [ -f "${SYSCONFDIR}/sshd_config" ]; then
  if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"; then
    rm -f "${SYSCONFDIR}/sshd_config"
    if [ -f "${SYSCONFDIR}/sshd_config" ]; then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
  elif grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config; then
    privsep_configured=yes
  fi
fi
# Prior to creating or modifying sshd_config, care for privilege separation.
# The decision is left in privsep_used.  On NT the user is asked, and
# privilege separation is kept only if an 'sshd' account is already listed
# in ${SYSCONFDIR}/passwd or exists (or can be created) as a local Windows
# account.
# NOTE(review): "net user sshd /add" is given neither a password nor any
# logon restriction; confirm on the target system that the resulting
# account cannot be used for interactive or network logon.
if [ "$privsep_configured" != "yes" ]; then
  if [ "$_nt" -gt 0 ]; then
    printf '%s\n' \
      "Privilege separation is set to yes by default since OpenSSH 3.3." \
      "However, this requires a non-privileged account called 'sshd'." \
      "For more info on privilege separation read /usr/doc/openssh/README.privsep." \
      ""
    if request "Shall privilege separation be used?"; then
      privsep_used=yes
      if grep -q '^sshd:' ${SYSCONFDIR}/passwd; then
        sshd_in_passwd=yes
      fi
      if net user sshd >/dev/null 2>&1; then
        sshd_in_sam=yes
      fi
      if [ "$sshd_in_passwd" != "yes" ]; then
        # Not in passwd yet: make sure the Windows account exists first
        if [ "$sshd_in_sam" != "yes" ]; then
          echo "Warning: The following function requires administrator privileges!"
          if request "Shall this script create a local user 'sshd' on this machine?"; then
            dos_var_empty=$(cygpath -w /var/empty)
            if net user sshd /add /fullname:"sshd privsep" "/HOMEDIR:$dos_var_empty" > /dev/null 2>&1; then
              sshd_in_sam=yes
            else
              echo "Warning: Creating the user 'sshd' failed!"
            fi
          fi
        fi
        # With a Windows account in place, add it to passwd; without one,
        # fall back to running sshd without privilege separation
        if [ "$sshd_in_sam" = "yes" ]; then
          mkpasswd -l -u sshd >> ${SYSCONFDIR}/passwd
        else
          echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
          echo " Privilege separation set to 'no' again!"
          echo " Check your ${SYSCONFDIR}/sshd_config file!"
          privsep_used=no
        fi
      fi
    else
      privsep_used=no
    fi
  else
    # On 9x don't use privilege separation. Since security isn't
    # available it just adds useless additional processes.
    privsep_used=no
  fi
fi
# Create default sshd_config from here script or modify to add the
# missing privsep configuration option.  The template is expanded by the
# shell: $port_number, ${SYSCONFDIR} and $privsep_used are filled in.
# NOTE(review): the template sets "StrictModes no", which switches off
# sshd's permission checks; its own comment asks for "yes" on NT/W2K with
# NTFS and CYGWIN=ntsec, so review the generated file on such hosts.
if [ -f "${SYSCONFDIR}/sshd_config" ]; then
  # Existing file kept: only append the option when it is not mentioned yet
  if [ "$privsep_configured" != "yes" ]; then
    printf '\n%s\n' "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config
  fi
else
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > ${SYSCONFDIR}/sshd_config << EOF
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port $port_number
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey ${SYSCONFDIR}/ssh_host_key
# HostKeys for protocol version 2
#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
#HostKey ${SYSCONFDIR}/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server ke
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
# NT/W2K, NTFS and CYGWIN=ntsec.
StrictModes no

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
UsePrivilegeSeparation $privsep_used
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/sbin/sftp-server
EOF
fi
# Care for services file.  Work out the Windows path of the services file
# and of a scratch file next to it (NT and 9x keep them in different
# places), convert both to POSIX paths and mount them.
# NOTE(review): the scratch name is derived from the shell's PID and is
# therefore predictable; that is only acceptable while the directory is
# writable by administrators alone.
# NOTE(review): "-t -f" presumably requests forced text-mode mounts in the
# Cygwin mount of that era - confirm against its documentation.
if [ "$_nt" -gt 0 ]; then
  _wservices=${SYSTEMROOT}'\system32\drivers\etc\services'
  _wserv_tmp=${SYSTEMROOT}'\system32\drivers\etc\srv.out.'$$
else
  _wservices=${WINDIR}'\SERVICES'
  _wserv_tmp=${WINDIR}'\SERV.'$$
fi
_services=$(cygpath -u "${_wservices}")
_serv_tmp=$(cygpath -u "${_wserv_tmp}")

mount -t -f "${_wservices}" "${_services}"
mount -t -f "${_wserv_tmp}" "${_serv_tmp}"
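# Remove sshd 22/port from services.
# The separator is matched with [[:blank:]] (space or tab).  Inside a
# bracket expression "\t" is not a tab but the two characters "\" and "t",
# so the former '[ \t]' pattern missed tab-separated entries.
if grep -q 'sshd[[:blank:]][[:blank:]]*22' "${_services}"
then
  # Write the filtered copy to the scratch file, then move it into place
  grep -v 'sshd[[:blank:]][[:blank:]]*22' "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ] && mv "${_serv_tmp}" "${_services}"
  then
    echo "Removing sshd from ${_services}"
  else
    echo "Removing sshd from ${_services} failed\!"
  fi
  # No-op after a successful mv; cleans up after a failed one
  rm -f "${_serv_tmp}"
fi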
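# Add ssh 22/tcp and ssh 22/udp to services.
# The separator is matched with [[:blank:]] (space or tab).  Inside a
# bracket expression "\t" is not a tab but the two characters "\" and "t",
# so the former '[ \t]' pattern did not recognise a tab-separated ssh entry
# and would have added a duplicate.
# NOTE(review): the awk program inserts the two lines in front of the
# 23/tcp entry; if the file has no such entry nothing is inserted, yet the
# success message is still printed.
if ! grep -q 'ssh[[:blank:]][[:blank:]]*22' "${_services}"
then
  awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
  if [ -f "${_serv_tmp}" ] && mv "${_serv_tmp}" "${_services}"
  then
    echo "Added ssh to ${_services}"
  else
    echo "Adding ssh to ${_services} failed\!"
  fi
  # No-op after a successful mv; cleans up after a failed one
  rm -f "${_serv_tmp}"
fi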
# Unmount the services file and its scratch file again.
for _mnt in "${_services}" "${_serv_tmp}"
do
  umount "${_mnt}"
done
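# Care for inetd.conf file: replace any "sshd" service entry by an "ssh"
# entry, keeping it active only if the old entry was active.
_inetcnf="${SYSCONFDIR}/inetd.conf"
_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"

if [ -f "${_inetcnf}" ]
then
  # Check if ssh service is already in use as sshd.  with_comment=0 means
  # an uncommented sshd line exists, so the new entry is written active;
  # otherwise it is written commented out.
  # [[:blank:]] replaces '[ \t]' throughout: inside a bracket expression
  # "\t" is the two characters "\" and "t", not a tab, so tab-indented
  # lines were missed.
  with_comment=1
  grep -q '^[[:blank:]]*sshd' "${_inetcnf}" && with_comment=0

  # Remove sshd line from inetd.conf
  if grep -q '^[#[:blank:]]*sshd' "${_inetcnf}"
  then
    # The scratch name is predictable (PID based).  Start from a clean
    # file and truncate instead of appending, so that leftover content
    # under that name can never be moved into inetd.conf.
    rm -f "${_inetcnf_tmp}"
    grep -v '^[#[:blank:]]*sshd' "${_inetcnf}" > "${_inetcnf_tmp}"
    if [ -f "${_inetcnf_tmp}" ] && mv "${_inetcnf_tmp}" "${_inetcnf}"
    then
      echo "Removed sshd from ${_inetcnf}"
    else
      echo "Removing sshd from ${_inetcnf} failed\!"
    fi
    # No-op after a successful mv; cleans up after a failed one
    rm -f "${_inetcnf_tmp}"
  fi

  # Add ssh line to inetd.conf unless one (active or commented) exists
  if ! grep -q '^[#[:blank:]]*ssh' "${_inetcnf}"
  then
    if [ "${with_comment}" -eq 0 ]
    then
      echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
    else
      echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
    fi
    echo "Added ssh to ${_inetcnf}"
  fi
fi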
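# On NT ask if sshd should be installed as service.
# The value entered for CYGWIN is handed to cygrunsrv as the service's
# environment; an empty answer (or end of input) selects the default.
if [ "$_nt" -gt 0 ]
then
  echo
  echo "Do you want to install sshd as service?"
  if request "(Say \"no\" if it's already installed as service)"
  then
    echo
    echo "Which value should the environment variable CYGWIN have when"
    echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
    echo "able to change user context without password."
    # printf rather than "echo -n", which is not portable across sh
    printf '%s' "Default is \"binmode ntsec tty\". CYGWIN="
    # -r keeps backslashes in the answer literal
    read -r _cygwin
    if [ -z "${_cygwin}" ]
    then
      _cygwin="binmode ntsec tty"
    fi
    if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
    then
      # The service runs under LocalSystem, so hand the ssh* files to
      # "system".  The former "/${SYSCONFDIR}/ssh*" expanded to a path with
      # a leading double slash, which POSIX leaves implementation-defined
      # and Cygwin treats as a network (UNC) path, so the glob could not
      # match the local files.
      chown system "${SYSCONFDIR}"/ssh*
      echo
      echo "The service has been installed under LocalSystem account."
    fi
  fi
fi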
# After an old installation was found, remind the user that service and
# inetd entries may still point at the old sshd.exe.
if [ "${old_install}" = "1" ]; then
  printf '\n%s\n%s\n' \
    "Note: If you have used sshd as service or from inetd, don't forget to" \
    " change the path to sshd.exe in the service entry or in inetd.conf."
fi

printf '\n%s\n' "Host configuration finished. Have fun!"